Skip to main content

Squid CVE-2021-31806

MEDIUM
Improper Encoding or Escaping of Output (CWE-116)
2021-05-27 cve@mitre.org
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
May 27, 2021 - 13:15 nvd
MEDIUM 6.5

DescriptionNVD

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy) via HTTP Range request processing.

AnalysisAI

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified under CWE-116. An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy) via HTTP Range request processing. Affected products include: Squid-Cache Squid, Debian Debian Linux, Fedoraproject Fedora, Netapp Cloud Manager. Version information: before 4.15.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Squid

View all
CVE-2016-4553 HIGH
8.6 May 10

client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI i

CVE-2016-4054 HIGH
8.1 Apr 25

Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via cr

CVE-2016-4555 HIGH POC
7.5 May 10

client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of servi

CVE-2016-3947 HIGH
8.2 Apr 07

Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and

CVE-2013-4123 MEDIUM POC
5.0 Sep 16

client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of

CVE-2013-4115 HIGH
7.5 Aug 09

Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 through 3.2.11 and 3.3 through 3.3.6 allows

CVE-2016-4554 HIGH
8.6 May 10

mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly c

CVE-2014-7141 MEDIUM
6.4 Nov 26

The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of servic

CVE-2014-3609 MEDIUM
5.0 Sep 11

HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (

CVE-2016-2569 HIGH
7.5 Feb 27

Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote server

CVE-2016-3948 HIGH
7.5 Apr 07

Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause

CVE-2014-7142 MEDIUM
6.4 Nov 26

The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of servic

Share

CVE-2021-31806 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy